Solved

What causes an entry in primary DNS zone to not respond?

Posted on 2010-11-30
Last Modified: 2012-05-10
I have a CNAME record in my primary DNS zone that doesn't seem to resolve from anywhere, even though it was added at least 24 hours ago, and has a low TTL record.

I'm running bind-9.3.6-4.P1.el5_4.2 on CentOS 5.5

I simply get an "unknown host" message when trying to ping the FQDN/CNAME entry.

If I ping the corresponding server/host entry that holds the "A" record that the CNAME points to, it responds accordingly.

Not sure what I'm missing here.

Thoughts?
0
Question by:kapshure
10 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 34241515
The record might be pointing to an invalid/nonexistent entry

i.e.
somename IN CNAME hostname.on-domain-that-does-not-exist.com.

Looking up somename.yourdomain.com will result in an error, since the lookup cannot follow to resolve hostname.on-domain-that-does-not-exist.com.

Double check the DNS entry for accuracy.

Note: if you forgot to add the terminating period, as I have in the above example, the result of an entry such as:
somename IN CNAME hostname.on-domain-that-does-not-exist.com

will really be after all the appending processes:

somename.yourdomain.com. IN CNAME hostname.on-domain-that-does-not-exist.com.yourdomain.com

Which will result in a hostname that does not exist.

0
 

Author Comment

by:kapshure
ID: 34241932
The CNAME record points to a valid "A" entry; I can ping the A record, I can ssh to it, etc. We are just looking to set up an FQDN that will be the entry for an application.

A record = hostA.mydomain.com
CNAME record = hostB.mydomain.com (pointing to hostA.mydomain.com)

And you're right, the trailing "." is a common mistake, but it's present on the CNAME entry.

Do I not actually need the full domain name for the CNAME record? I see it done that way in the DNS zone as is, and other CNAME records work, but just curious.
0
 
LVL 77

Expert Comment

by:arnold
ID: 34242531
Could you copy and paste what you have, with the domain replaced with a masquerading mydomain.com? Make sure to leave all other items in place.

If you are creating an alias local to your domain you do not need to use the domain.
i.e.

hostb IN CNAME hostA

will work as the domain will be appended as it is implicitly referenced.
0
 

Author Comment

by:kapshure
ID: 34242562
hostB.                         900     IN      CNAME   hostA.mydomain.com.

Above is what I have changed it to, per your suggestion.

this is what I had before:

hostB.mydomain.com.                    900     IN      CNAME   hostA.mydomain.com.

Also, I've only reloaded named. Do I need to actually restart it?
0
 
LVL 77

Expert Comment

by:arnold
ID: 34242624
You do not want to terminate hostb as you have done since you need the domain.
hostb 900 IN CNAME  hosta

Note: did you change/increment the serial number and run "rndc reload mydomain.com" to get the zone data refreshed?
Check /var/log/messages to see if there are any notices from named having issues with loading the zone.

0
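The name expansion discussed in the comments above (a name written without the terminating period gets the zone's domain appended, one written with it is taken as-is), as an added shell example that is not part of the original thread. The `qualify` and `check_cname` helpers are hypothetical, and the names are the thread's masked ones.

```shell
# Added example (not from the thread): expand zone-file names against the
# zone origin. Names are the thread's masked values.
ORIGIN=mydomain.com.

# qualify NAME ORIGIN: expand a zone-file name as described in the thread.
qualify() {
    o=${2%.}                                # origin without its final dot
    case $1 in
        @)  q="$o." ;;                      # "@" stands for the origin itself
        *.) q=$1 ;;                         # terminating period: already absolute
        *)  q="$1.$o." ;;                   # relative: the origin is appended
    esac
    printf '%s\n' "$q" | tr 'A-Z' 'a-z'     # DNS names compare case-insensitively
}

# check_cname OWNER TARGET ORIGIN: print the expanded record and a verdict.
check_cname() {
    owner=$(qualify "$1" "$3")
    target=$(qualify "$2" "$3")
    o=$(qualify @ "$3"); o=${o%.}
    verdict=ok
    case $owner in
        "$o."|*".$o.") ;;                   # owner lies inside the zone
        *) verdict="owner outside zone" ;;
    esac
    case $target in
        *".$o.$o.") verdict="origin appended twice to target" ;;
    esac
    printf '%s CNAME %s ; %s\n' "$owner" "$target" "$verdict"
}

# The three spellings that appear in the thread:
check_cname hostB.               hostA.mydomain.com. "$ORIGIN"
check_cname hostb                hosta               "$ORIGIN"
check_cname hostB.mydomain.com.  hostA.mydomain.com  "$ORIGIN"
```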
 

Author Comment

by:kapshure
ID: 34242686
Ok, so I need to put the CNAME entry back the way I had it then it sounds like?

hostB.mydomain.com.   900 IN CNAME hostA.mydomain.com

Is that right above?

Also, when I try to run
"rndc reload mydomain.com"

I get this:

rndc: 'reload' failed: dynamic zone


0
 
LVL 77

Expert Comment

by:arnold
ID: 34242753
The issue is that you have defined the zone mydomain.com as dynamic.
Not sure why you have done it this way.

Run the following:
echo "update add hostb.mydomain.com. 900 IN CNAME hosta.mydomain.com.
" | nsupdate -v

This should add the record you need and will update the zone's serial, etc.
This is an example of a dynamic update.
0
 

Author Comment

by:kapshure
ID: 34242868
Unfortunately, I didn't set up this BIND server, and am not an expert on this (as you can tell haha).

If I run that echo command above, I have a few questions:

- Do I need to be in the directory where the zone file is contained?
- Does the entry need not be present, since it looks like this command will actually add it? In my case, the entry is there. I just need it to take.

I see quite a few invalid attempts to make zone file updates in /var/log/messages, like attempts coming from clients not in our domain. I don't see anything regarding the attempt I've made to update the zone file with the CNAME entry above.
0
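A way to summarise the refused zone-update attempts mentioned in the comment above, per client address, as an added shell example that is not part of the original thread. The log lines are constructed, their format is assumed from BIND 9's "update ... denied" message, and the internal prefix `10.0.0.` and the `denied_updates` helper are hypothetical.

```shell
# Added example (not from the thread). Constructed /var/log/messages lines;
# the "update '<zone>/IN' denied" format is an assumption about named's logging.
sample_log() {
cat <<'EOF'
Nov 30 09:58:02 ns1 named[2211]: client 203.0.113.7#40112: update 'mydomain.com/IN' denied
Nov 30 09:58:05 ns1 named[2211]: client 203.0.113.7#40115: update 'mydomain.com/IN' denied
Nov 30 10:01:44 ns1 named[2211]: client 10.0.0.23#1029: update 'mydomain.com/IN' denied
Nov 30 10:02:10 ns1 named[2211]: client 198.51.100.9#5353: update 'mydomain.com/IN' denied
Nov 30 10:03:00 ns1 named[2211]: zone mydomain.com/IN: loaded serial 2010113001
Nov 30 10:04:19 ns1 named[2211]: client 203.0.113.7#40120: update 'mydomain.com/IN' denied
EOF
}

# denied_updates ZONE INTERNAL_PREFIX < log
# Prints "count address internal|external", most frequent client first.
denied_updates() {
    awk -v want="update '$1/IN' denied" -v pfx="$2" '
        index($0, want) {
            for (i = 1; i < NF; i++)
                if ($i == "client") {        # next field is address#port:
                    split($(i + 1), a, "#"); n[a[1]]++; break
                }
        }
        END {
            for (ip in n)
                printf "%d %s %s\n", n[ip], ip,
                       (index(ip, pfx) == 1 ? "internal" : "external")
        }
    ' | sort -k1,1nr -k2,2
}

sample_log | denied_updates mydomain.com 10.0.0.
```

Against a live server the same function reads the real log: `denied_updates mydomain.com 10.0.0. < /var/log/messages`.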
 
LVL 77

Accepted Solution

by:
arnold earned 250 total points
ID: 34242903
You need to be on a system from which dynamic updates are permitted.
Being on the server where bind is running should be fine.
The entry is in the file, but the file cannot be reloaded without restarting bind.
When you run this command, you should have two files in the /var/named location for the zone. It all depends on what you used for the filename, i.e. db.mydomain.com, and you will have a db.mydomain.com.dsfds

It will not pose an issue for having the same entry since they do not present a conflict.



0
 

Author Comment

by:kapshure
ID: 34244053
Turns out that just reloading named doesn't produce the results I was looking for. I coulda swore I had added a CNAME successfully before and only reloaded. We were collecting stats over the past week, so I just dumped those again, then restarted named. This time the CNAME entries started working pretty quickly.

Thanks again arnold for your help.
0
